Sr. Engineer - Identity and Access Management

What makes this a great opportunity?

Suntory Global Spirits is a world leader in premium spirits with $5.5 billion in annual revenues and an ambition to become the World’s Most Admired Premium Spirits Company. We have a strong vision and strategy, an incredible brand portfolio grounded in quality and craftsmanship, an unwavering commitment to sustainability and top talent across the organization. We are focused on driving value across key priorities including American whiskey, Japanese Spirits, Scotch, Tequila and Ready-to-Drink. Headquartered in New York City, Suntory Global Spirits is a subsidiary of Suntory Holdings, which is world renowned for delivering quality and excellence across a range of products and categories.

Mission of Role

Suntory Global Spirits currently has the following position open: Identity & Access Management (IAM) Senior Engineer. Working Hybrid (3 days in the Gurgaon office). Within the Cybersecurity business unit, the IAM Senior Engineer is responsible for supporting and administering enterprise Identity and Access Management (IAM), Identity Governance and Administration (IGA), authentication, authorization, and Privileged Access Management (PAM) solutions. This role ensures secure, compliant, and efficient access to enterprise systems and data using Delinea Server Suite, SailPoint ISC, Microsoft Entra ID, CyberArk, and Ping Advanced Identity Cloud, while partnering with IT, Security, Audit, and business stakeholders.

Role Responsibilities

• Administer, configure, and enhance Identity Governance (IGA) platforms such as SailPoint ISC, including lifecycle management (JML), RBAC model design, access certifications, workflow customization, and application onboarding.

• Design, implement, and support enterprise authentication solutions including MFA, SSO, federation, and adaptive access controls using platforms such as Entra ID and PingOne Advanced Identity Cloud.
• Architect and implement Privileged Access Management (PAM) and Just-in-Time (JIT) access models, eliminating standing privileges and enforcing least-privileged principles across cloud and hybrid environments.
• Engineer and manage Cloud IAM controls (Azure/Entra ID and GCP) including role design, conditional access policies, identity protection, workload identity federation, and risk-based access reviews.
• Develop and maintain secure identity integration patterns using SAML, OAuth2, OIDC, SCIM, and LDAP across enterprise and SaaS applications.
• Contribute to IAM architecture standards, governance frameworks (RACI), and access control policies aligned with Zero Trust principles.
• Automate IAM processes through scripting (PowerShell or equivalent), reporting enhancements, and integration with ITSM tools such as ServiceNow.
• Conduct security posture assessments, support audit and compliance activities, and remediate identity-related risks and vulnerabilities.
• Lead and support IAM modernization initiatives, including legacy platform decommissioning, cloud migration enablement, and continuous security improvement.
• Collaborate with Security, Infrastructure, DevOps, and Application teams to ensure scalable, compliant, and resilient identity solutions.

Qualifications

• Bachelor’s degree in information technology, Cybersecurity, Information Security, or related field (or equivalent experience)
• 7–9 years of experience in IAM, IGA, access management, or cybersecurity engineering and architecture
• Hands-on experience with Delinea Server Suite, SailPoint ISC, Microsoft Entra ID, CyberArk, and Ping Advanced Identity Cloud & GCP Identity Management.
• Strong understanding of authentication and authorization protocols including SAML, OAuth 2.0, OpenID Connect (OIDC)
• Hands-on experience with Active Directory (AD), LDAP, and hybrid identity environments
• Hands-on experience supporting cloud and hybrid IAM architectures
• Scripting or automation experience using PowerShell and/or Python
• IAM or security certifications preferred (e.g., Security+, CISSP, Azure Security Certification)
• Strong analytical, troubleshooting, and technical documentation skills

Key Competencies

• Security-first and risk-aware mindset
• Strong time management, organization, and prioritization and solutioning skills
• Ability to work independently and manage competing priorities
• Ability to drive projects to completion
• Ability to research, deploy or upgrade new technologies in IAM landscape
• Clear written and verbal communication with technical and non-technical stakeholders
• High attention to detail and commitment to compliance
• Effectively manage own workload, prioritize tasks, and meet deadlines across multiple IAM initiatives